-
icedove (1:52.3.0-4~deb8u2) jessie-security; urgency=medium
[ Guido Günther ]
* [6214253] Simplify endianess selection for ICU
-- Carsten Schoenert <email address hidden> Sun, 10 Sep 2017 15:51:52 +0200
-
icedove (1:45.8.0-3~deb8u1) jessie-security; urgency=medium
[ Carsten Schoenert ]
* New upstream version 45.8.0:
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
CVE-2017-5401: Memory Corruption when handling ErrorResult
CVE-2017-5402: Use-after-free working with events in FontFace objects
CVE-2017-5404: Use-after-free working with ranges in selections
CVE-2017-5407: Pixel and history stealing via floating-point timing side
channel with SVG filters
CVE-2017-5410: Memory corruption during JavaScript garbage collection
incremental sweeping
CVE-2017-5408: Cross-origin reading of video captions in violation of CORS
CVE-2017-5405: FTP response codes can cause use of uninitialized values
for ports
CVE-2017-5398: Memory safety bugs fixed in Thunderbird 45.8
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5390: Insecure communication methods in Developer Tools JSON
viewer
CVE-2017-5396: Use-after-free with Media Decoder
CVE-2017-5383: Location bar spoofing with unicode characters
CVE-2017-5373: Memory safety bugs fixed in Thunderbird 45.7
* debian/rules: don't set MOZ_APP_PROFILE in jessie or wheezy.
We don't need a special diffrent default profile folder in jessie or
wheezy. We will use always ~/.thunderbird in all available releases.
* tb-wrapper: call thunderbird starting with exec
[ Guido Günther ]
* Register components in gbp.conf
* Drop superfluous iceowl-l10n files
* Copy-edit thunderbird-wrapper-helper.sh
-- Guido Günther <email address hidden> Sat, 15 Apr 2017 16:37:06 +0200
-
icedove (1:45.3.0-1~deb8u1) stable-security; urgency=medium
[ Carsten Schoenert ]
* [3cc29ee] Imported Upstream version 45.3.0
- MFSA 2016-62 aka CVE-2016-2836
-- Christoph Goehre <email address hidden> Sun, 02 Oct 2016 11:36:16 -0400
-
icedove (1:45.2.0-1~deb8u1) stable-security; urgency=medium
[ Carsten Schoenert ]
* [411b27d] Imported Upstream version 45.2.0
- MFSA 2016-49 aka CVE-2016-2818
* [aeb5aee] debian/icedove.js: disable Icedove startup check
(Closes: #817973)
* [685b602] icedove-l10n-all: change Section into metapackages
(Closes: #824785)
[ Christoph Goehre ]
* [2871800] rebuild patch queue from patch-queue branch
added patches:
- fixes/Bug-1277295-Remove-obsolete-reference-to-storage-service-.patch
(Closes: #827592)
-- Christoph Goehre <email address hidden> Sun, 07 Aug 2016 10:55:46 -0400
-
icedove (38.8.0-1~deb8u1) stable-security; urgency=medium
[ Guido Günther ]
* [ee8dd49] Clarify relation between icedove and the calendar extensions
(Closes: #809017)
[ Christoph Goehre ]
* [bac2d5b] Imported Upstream version 38.8.0
- MFSA 2016-36 aka CVE-2016-1979
- MFSA 2016-39 aka CVE-2016-2807, CVE-2016-2805
-- Christoph Goehre <email address hidden> Wed, 11 May 2016 19:26:19 -0400
-
icedove (31.8.0-1~deb8u1) stable-security; urgency=medium
* [d427fea] Imported Upstream version 31.8.0
- MFSA 2015-59 aka CVE-2015-2724
- MFSA 2015-66 aka CVE-2015-2734, CVE-2015-2735, CVE-2015-2736,
CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740
- MFSA 2015-70 aka CVE-2015-4000
- MFSA 2015-71 aka CVE-2015-2721
* [6516780] lintian: add override for libpng
* [1c33ec2] build against internal libnss3
-- Christoph Goehre <email address hidden> Thu, 30 Jul 2015 10:28:32 -0400
-
icedove (31.7.0-1~deb8u1) stable-security; urgency=medium
* [c3c81df] Imported Upstream version 31.7.0
- MFSA 2015-46 aka CVE-2015-2708
- MFSA 2015-47 aka CVE-2015-0797
- MFSA 2015-48 aka CVE-2015-2710
- MFSA 2015-51 aka CVE-2015-2713
- MFSA 2015-54 aka CVE-2015-2716
* [eb8cb5a] adjust gbp.conf for jessie-security branch
-- Christoph Goehre <email address hidden> Mon, 18 May 2015 18:42:47 -0400
-
icedove (31.6.0-1) unstable; urgency=medium
* [c71fc00] Imported Upstream version 31.6.0
* [e13a5a1] rebuild patch queue from patch-queue branch
added patches:
- porting/ppc-fix-divide-page-size-in-jemalloc.patch (Closes: #780404)
-- Christoph Goehre <email address hidden> Wed, 01 Apr 2015 18:59:32 -0400
-
icedove (31.5.0-1) unstable; urgency=low
* [f0e7673] Imported Upstream version 31.5.0
* [4bf64fa] rebuild patch queue from patch-queue branch
modified patches:
- p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
-- Christoph Goehre <email address hidden> Sun, 01 Mar 2015 18:04:13 -0500
-
icedove (31.4.0-2) unstable; urgency=low
[ Christoph Goehre ]
* [305b0fb] debian/icedove.desktop: correct StartupWMClass to 'Icedove'
(Closes: #773876)
* [8b4871a] rebuild patch queue from patch-queue branch
added patches:
- iceowl/adjust-calendar-google-provider-to-Google-Calendar-A.patch
(Closes: #770008)
- iceowl/get-rid-of-subdir-shim-in-gdata-provider.patch
modified patches:
- p-kfree-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
- p-kfree-hurd/FTBFS-hurd-adding-the-HURD-platform-to-the-configure.patch
- p-kfree-hurd/FTBFS-hurd-fixing-unsupported-platform-Hurd.patch
- p-kfree-hurd/LDAP-support-building-on-GNU-kFreeBSD-and-GNU-Hurd.patch
- p-kfree-hurd/correcting-file-inclusion-for-kfreebsd-and-hurd.patch
* [573c8bb] debian/rules: move some gdata modules into 'shim' subdir
* [acf83d3] debian/icedove.desktop: add MimeType text/calendar
(Closes: #762190)
[ Carsten Schoenert ]
* [cf73d7e] debian/README.Debian: adding note around HTTPS Everythere
(Closes: #774790)
-- Christoph Goehre <email address hidden> Sat, 24 Jan 2015 19:03:28 -0500
-
icedove (31.3.0-1) unstable; urgency=low
[ Carsten Schoenert ]
* [679d70d] debian/source.filter: more files to ignore
* [054b68a] debian/NEWS: fixing default SSL/TLS behavior description.
* [b5acb03] debian/NEWS: adding notes around new security changes.
[ Christoph Goehre ]
* [e2572a7] Imported Upstream version 31.3.0
* [10ce820] rebuild patch queue from patch-queue branch
added patches:
- debian/patches/FTBFS-armhf-fixing-ARM-CPU-detection.patch
- debian/patches/fixing-various-FTBFS-due-different-datatype-char-beh.patch
-- Christoph Goehre <email address hidden> Thu, 04 Dec 2014 12:57:59 -0500
-
icedove (31.2.0-1) unstable; urgency=low
* [ae54a5c] Imported Upstream version 31.2.0
* [915864d] debian/NEWS: adding note around increased default TLS version 1.2
(Closes: #761245)
-- Christoph Goehre <email address hidden> Thu, 23 Oct 2014 12:28:16 -0400
-
icedove (31.1.2-1) unstable; urgency=low
[ Christoph Goehre ]
* [ebaaee5] adjust gbp.conf to use upstream branch 'upstream-31.x'
* [a041f0b] Imported Upstream version 31.1.2
* [1daecd9] rebuild patch queue from patch-queue branch
modified patches:
- porting-kfreebsd-hurd/FTBFS-hurd-adding-GNU-Hurd-to-the-list-of-OS-systems.patch
obsolete patches (fixed upstream):
- porting-armel/FTBFS-armel-fixing-usage-int-on-ARM-audio-backend.patch
- porting-armel/fix-skia-for-ARMv4.patch
* [066505b] linitan: bump up standards version to 3.9.6
[ Carsten Schoenert ]
* [d17bf45] debian/gbp.conf: some instructions for git-dch
* [0139cb2] README.source: let's use xz while creating the orig.tar.xz
-- Christoph Goehre <email address hidden> Fri, 10 Oct 2014 19:55:54 -0400
-
icedove (31.0-3) unstable; urgency=medium
* [65ad797] icedove.postinst: remove obsolete symlink handling
(Closes: #759502, #760012)
* [e2b5f63] rebuild patch queue from patch-queue branch
added patches:
- debian-hacks/pass-OS_LDFLAGS-to-all-ldap-libraries.patch
- porting-armel/FTBFS-armel-fixing-usage-int-on-ARM-audio-backend.patch
modified patches:
- porting-alpha/fix-FTBFS-on-alpha.patch
-- Christoph Goehre <email address hidden> Sun, 31 Aug 2014 16:30:57 -0700
-
icedove (24.5.0-2) unstable; urgency=low
* [e4a43ed] debian/rules: remove duplicate LDFLAGS += -Wl,--stats
* [f9dba4b] debian/rules: export all compiler flags into build environment
* [8dc0712] debian/rules: run autoconf for all configue files
* [95d4b48] debian/rules: export MOZCONFIG onces
* [577bd03] debian/rules: update config.sub and config.guess before autoconf
run
* [7f958c7] parse DEB_BUILD_OPTIONS for how many parallel buildjobs to start
(Closes: #746984)
* [0f8b062] debian/rules: export MOZILLA_OFFICIAL
* [1c3d277] run configure with --build and --host
* [f190e19] don't build a shared js library (Closes: #724688, #729073,
#745593)
-- Christoph Goehre <email address hidden> Thu, 08 May 2014 20:07:06 -0400
-
icedove (24.4.0-1) unstable; urgency=low
* [a2b13c0] Imported Upstream version 24.4.0
* [fd90463] rebuild patch queue from patch-queue branch
added patches:
- porting-hppa/FTBFS-hppa-correcting-code-inside-JS_STACK_GROWTH_DI.patch
(Closes: #741245)
-- Christoph Goehre <email address hidden> Sat, 22 Mar 2014 11:10:18 -0400
-
icedove (24.3.0-2) unstable; urgency=low
[ Christoph Goehre ]
* [122ffe9] remove ldif60 from pkgconfig file (Closes: #732652)
* [b64ccac] rebuild patch queue from patch-queue branch
added patches:
- porting-powerpcspe/FTBFS-Altivec-is-not-available-on-powerpcspe.patch
(Closes: #734859)
[ Carsten Schoenert ]
* [aa4f5b1] thunderbird.install.in: shipping all files in /u/l/i/components
(Closes: #737811)
* [3bf4738] debian/rules: fix *.js file-permissions for iceowl-extension
* [50ab7a5] debian/rules: remove -Wl,--as-needed linker option
(Closes: #732652, #730450, #724688)
-- Christoph Goehre <email address hidden> Sun, 09 Mar 2014 15:33:05 -0400
-
icedove (17.0.10-1) unstable; urgency=low
[ Christoph Goehre ]
* [6f2593b] Imported Upstream version 17.0.10
[ Carsten Schoenert ]
* [2f1ee4f] debian/copyright: correcting wrong comma usage
* [2a86740] debian/copyright: adjusting copyright infos
* [c99ec66] debian/copyright: correcting various lintian warning
* [114c9ec] debian/control: expanding icedove-dev dependency on python
* [1643ba3] debian/control: adding a more specific description for
iceowl-extension and google-cal-prov
-- Christoph Goehre <email address hidden> Sun, 03 Nov 2013 17:31:45 -0500
-
icedove (17.0.9-2) unstable; urgency=low
* [ab3a41c] rebuild patch queue from patch-queue branch
added patches:
- porting/Bug-898916-Properly-align-statically-allocated-class.patch
* [c68b8b7] ia64 don't like LDFLAG --no-keep-memory
-- Christoph Goehre <email address hidden> Sat, 05 Oct 2013 11:50:47 -0400
-
icedove (10.0.12-1) unstable; urgency=high
* [c45eb8d] New Upstream version 10.0.12
* Fixes for MFSA-2013-{01,02,04,05,09,11,12,15-17,20}, also known as
CVE-2013-0769, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767,
CVE-2013-0759, CVE-2013-0744, CVE-2013-0746, CVE-2013-0748,
CVE-2013-0750, CVE-2013-0758, CVE-2013-0753, CVE-2013-0754,
CVE-2013-0743
-- Christoph Goehre <email address hidden> Tue, 15 Jan 2013 18:33:23 -0500